July 26, 2016 by Canadian Underwriter
The first five months of 2016 were dominated by malicious email campaigns of unprecedented volume, with new ransomware variants emerging quickly and actors “repeatedly [shifting] tactics with new loaders, document attachment types and obfuscation techniques to evade detection,” according to cybersecurity company Proofpoint, Inc.
The Proofpoint Quarterly Threat Summary, released on Tuesday, said that JavaScript attachments led an explosion of malicious message volume – 230% quarter over quarter. “Many Locky and Dridex actors turned to JavaScript files attached to email messages to install payloads,” the report said. “These attacks were among the largest campaigns we have ever observed, peaking at hundreds of millions of messages a day.”
Among email attacks that used malicious document attachments, 69% featured the new Locky ransomware in Q2, versus 24% in Q1. “That surge propelled Locky into the top spot for email-based malware, displacing Dridex,” the report said, adding that CryptXXX appeared on the scene in Q2 and quickly dominated the EK (exploit kit) landscape. Among the top 10 malicious emails observed in Q2, the Locky strain accounted for 41% of all payloads, nearly doubling its share in the top 10 email-based threats.
Overall, the number of new ransomware variants (most distributed by EKs) grew by a factor of five to six since the fourth quarter of 2015. Researchers also observed multiple payloads being distributed in a single campaign, highly personalized large-scale attacks, rotating and geo-targeted lure documents, and a “crossover” campaign that attached malware to credential phishing. “In short, threat actors are using a wide variety of techniques to expand attack surfaces and capitalize on clicks in socially engineered attacks,” the report said.
Other findings of the report included:
“Q2 2016 cybersecurity threats were categorized by high volumes, amplified variation and sudden silence, which didn’t last long,” said Patrick Wheeler, director of threat intelligence for Proofpoint. “After dominating the malware landscape for 15 months, Dridex was officially dethroned as the top malicious email attachment security threat. Locky ransomware took the top spot, driven by a 5-6 factor jump in ransomware variants since Q4 2015. JavaScript attachments also increased more than 200% and approximately 80% of our customers were attacked by at least one business email compromise attack.”